I'm investigating a Chromium crash bug: http://code.google.com/p/chromium/issues/detail?id=155942 I've not yet identified the root cause (because I can't reproduce it), but it looks like we are storing NULL pointers to V8 internal fields. Just in case, we can add an ASSERT() to guarantee that NULL pointers are never stored. (Also I'm hoping that this ASSERT() will give me more debug information.)
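To illustrate the defensive point of the comment above, here is an added example (not code from WebKit or from the bug's patch) that models a V8 wrapper object's internal-field slots and contrasts a guarded store, where a NULL native pointer is caught at the point it would be written, with the unguarded store whose first symptom is a null dereference far from the cause. The slot layout, the `FakeWrapperObject` mock and the `setDOMWrapper` signature are assumptions; the real V8DOMWrapper uses an ASSERT() that aborts in debug builds, modelled here as a returned status so it can be exercised without a debug build.

```cpp
#include <array>
#include <cstddef>

// Constructed stand-in for a V8 wrapper object: just its internal-field slots.
// Real V8 exposes these through v8::Object::SetAlignedPointerInInternalField /
// GetAlignedPointerFromInternalField; the slot indices below are assumptions.
constexpr int kWrapperObjectIndex = 0;   // slot holding the native DOM object pointer
constexpr int kWrapperTypeIndex = 1;     // slot holding the WrapperTypeInfo pointer
constexpr int kInternalFieldCount = 2;

struct FakeWrapperObject {
    std::array<void*, kInternalFieldCount> fields{};  // every slot starts out nullptr
};

struct FakeWrapperTypeInfo { const char* name; };

enum class StoreResult { Stored, RejectedNullObject, RejectedNullType };

// Guarded store (hypothetical shape of a setDOMWrapper-style helper): the null
// checks are what an ASSERT() would enforce at the write site. Nothing is written
// when a check fails, so the wrapper is never left half-initialised.
StoreResult setDOMWrapper(FakeWrapperObject& object, FakeWrapperTypeInfo* type, void* cPtr)
{
    if (!type)
        return StoreResult::RejectedNullType;    // ASSERT(type) would fire here
    if (!cPtr)
        return StoreResult::RejectedNullObject;  // ASSERT(cPtr) would fire here
    object.fields[kWrapperTypeIndex] = type;
    object.fields[kWrapperObjectIndex] = cPtr;
    return StoreResult::Stored;
}

// Unguarded store: silently accepts nullptr, so the crash only appears later in
// whichever binding reads the field back and dereferences it.
void setDOMWrapperUnchecked(FakeWrapperObject& object, FakeWrapperTypeInfo* type, void* cPtr)
{
    object.fields[kWrapperTypeIndex] = type;
    object.fields[kWrapperObjectIndex] = cPtr;
}

// Read side, as a binding would do before casting to the concrete DOM type.
void* toNative(const FakeWrapperObject& object)
{
    return object.fields[kWrapperObjectIndex];
}
```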
Created attachment 172063 [details] Patch
Comment on attachment 172063 [details] Patch Clearing flags on attachment: 172063 Committed r133313: <http://trac.webkit.org/changeset/133313>
All reviewed patches have been landed. Closing bug.
Re-opened since this is blocked by bug 101078
Looks strange... I'm heading for a hotel, will take a look over the weekend.
Created attachment 172285 [details] Patch
Created attachment 173558 [details] Patch
I think now it's safe to add the ASSERT()s.
Comment on attachment 173558 [details] Patch ok
Comment on attachment 173558 [details] Patch Rejecting attachment 173558 [details] from commit-queue. Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '-..." exit_code: 2 Last 500 characters of output: h']" exit_code: 1 cwd: /mnt/git/webkit-commit-queue Parsed 2 diffs from patch file(s). patching file Source/WebCore/ChangeLog Hunk #1 succeeded at 1 with fuzz 3. patching file Source/WebCore/bindings/v8/V8DOMWrapper.h Hunk #1 FAILED at 66. 1 out of 1 hunk FAILED -- saving rejects to file Source/WebCore/bindings/v8/V8DOMWrapper.h.rej Failed to run "[u'/mnt/git/webkit-commit-queue/Tools/Scripts/svn-apply', u'--force', u'--reviewer', u'Adam Barth']" exit_code: 1 cwd: /mnt/git/webkit-commit-queue Full output: http://queues.webkit.org/results/14820316
Created attachment 173808 [details] patch for landing
Comment on attachment 173808 [details] patch for landing Clearing flags on attachment: 173808 Committed r134369: <http://trac.webkit.org/changeset/134369>